Hello,
Could someone _please_ tell me exactly which kind of objects/attributes
one has to create for Mozilla
to show and use? I'm somehow having a very bad time getting a working
NS4 module to work under latest
Mozilla build.
Also, what should i do to avoid Mozilla ( and Netscape ) asking pins
for private keys which are associated
with certificates unsuitable for TLS ( nonRepudiation, authenticate
once per priv-key operation)?
Priit
Robert Relyea wrote:
>
> Hi Priit,
>
> No, you do not have to support those Netscape-specific attributes you
> see (in the vendor specific portion of the space). You do have to
> tolerate searches for these objects and attributes, but it's quite ok to
> say those objects don't exist. If you aren't building a generalized
> storage token, this is probably the correct semantic (you don't need to
> store CRL's or S/MIME cert records -- even to get S/MIME to work).
>
> The only object that might be useful for tokens would be the trust
> attribute. I will be righting up a description of how that works soon,
> and posting it here and to the cryptoki mailing list.
>
> bob
>
> Priit Randla wrote:
> >
> > Hello everybody,
> >
> >
> > I'm writing a pkcs11 module for a specific smartcard ( Estonian
> > ID-card ). So far, it kinda works
> > under Netscape 4.7* for both win32&linux.
> > Using fresh Mozilla builds, im having problems i don't quite understand
> > how to approach.
> > Basically, do i have to support those Mozilla-specific
> > classes/attributes i'm seeing in
> > nss-3.3.1/mozilla/security/nss/lib/ckfw/ckt.h? Looks like mozilla
> > keeps searching for objects with those attributes. If yes, then what
> > should i do with them? Also, could some kind person please explain me
> > which functions do i have to program if i'm supporting mechanisms
> > CKM_RSA_PKCS, CKM_SHA1_RSA_PKCS, CKM_SHA_1 and i'd like both ssl client
> > certs and s/mime to work?
> >
> >
> > Priit Randla
> >
> >
